Why did this occur when turning off recursion
Brad Knowles
brad.knowles at skynet.be
Tue May 22 13:09:14 UTC 2001
At 7:28 AM -0500 5/22/01, King, John (Greg) (OAO-HOU) wrote:
> I added the following named.conf entries
>
> recursion no;
> fetch-glue no;
>
> Restarted BIND and my entire home network could not resolve anything. I
> thought the server would respond back with the root server list telling my
> system where it needed to go to find its information (and not use my dns
> server to do the lookup). Instead nothing resolved at all. Took the entries
> out and everything worked again.
The resolver that is built into most OSes cannot handle
recursion. Instead, it depends on a nameserver to do that for it. What
you had is a resolver pointed at the nameserver on the local machine,
and everything worked fine. When you turned off recursion on the
local nameserver, the resolver broke because it can't handle
recursion on its own.

The lesson you should take away from this is that you will almost
always need a local caching/recursive nameserver for local machines
to use, in order to be able to resolve any hostnames for the rest of
the 'net.

You *MAY* also need an authoritative nameserver, so that people
from the outside world can find out about your machines. If you do,
then I would encourage you to set that up on a totally separate
machine and make sure that you turn off recursion on it. It's not
strictly necessary to set it up on a separate machine, but it does
make configuring and managing the machines much easier.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
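
The exchange discussed in this thread, as an added example that is not part of the original post: a stub resolver sends a query with the RD (recursion desired) bit set and can only use a final answer, while a server with recursion turned off typically replies with a referral or REFUSED. The function names and the header-only sample replies are constructed for illustration; the record bodies are omitted because the classification reads only the 12-byte header.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qid=0x1234, qtype=1):
    """Encode what a stub resolver sends: one question with RD set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def classify_response(packet):
    """Classify a reply from its header, as a stub resolver experiences it."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"
    if rcode not in (0, 3):
        return "error"
    if an > 0 or rcode == 3 or flags & (AA | RA):
        return "final"      # answer, or a negative answer the stub can accept
    if ns > 0:
        return "referral"   # "ask these servers": needs an iterative resolver
    return "empty"

def stub_can_resolve(packet):
    """A stub resolver does not chase referrals; it needs a final reply."""
    return classify_response(packet) == "final"

def _header(flags, an=0, ns=0, ar=0):
    # Constructed sample: header only, counts describe records not included.
    return struct.pack("!HHHHHH", 0x1234, flags, 1, an, ns, ar)

SAMPLES = {  # all constructed, not captured from a real server
    "caching/recursive server": _header(QR | RD | RA, an=1),
    "recursion off, referral to roots": _header(QR | RD, ns=13, ar=13),
    "recursion off, refused": _header(QR | RD | 5),
    "authoritative for the name": _header(QR | AA | RD, an=1),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:35} {classify_response(pkt):9} usable={stub_can_resolve(pkt)}")
```

The same header check is a quick way to confirm that an authoritative-only server really has recursion disabled: its replies to names outside its zones should never carry RA together with an answer.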